0xCERTReport incident

Contact

How to reach us, by urgency.

If you are in the middle of an incident, skip everything else and email the on-call address. Otherwise pick the channel that matches your need.

EMERGENCY

Active incident on-call

Funds moving, key exposed, front-end serving malicious code, signer compromised.

soc@0xcert.com

Paged 24/7. Initial response within 60 minutes.

Open structured report
DISCLOSURE

Vulnerability disclosure

Researcher submitting a vulnerability for coordinated disclosure. PGP-encrypted submissions preferred.

cert@0xcert.com

Acknowledged within 24h with a tracking ID.

View PGP key
GENERAL

General inquiries

Press, partnerships, speaking, training requests, or constituency questions.

cert@0xcert.com

Response within 2 business days.

PEER CERT

Coordinating with another CERT

Cross-team incident coordination via FIRST, Trusted Introducer, or bilateral channels.

cert@0xcert.com

We are reachable via FIRST member channels — request inclusion in the relevant case room.

Secure channel

PGP public key.

Encrypt anything sensitive — exploit details, attacker addresses, signer compromise reports. Verify the fingerprint before use.

13C6 45BC B97B 1025 6CE7 0CD2 923B 60E3 68E2 374E
↓ download key (/pgp.asc)security.txt
-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEajPlzxYJKwYBBAHaRw8BAQdAd4t0y8dH226wmPjosbi8wBS6Wu0ZJvktQSHX
bDZFdMe0RjB4Q0VSVCAoQmxvY2tjaGFpbiBDb21wdXRlciBFbWVyZ2VuY3kgUmVz
cG9uc2UgVGVhbSkgPGNlcnRAMHhjZXJ0LmNvbT6IlgQTFgoAPhYhBBPGRby5exAl
bOcM0pI7YONo4jdOBQJqM+XPAhsDBQkDwmcABQsJCAcCBhUKCQgLAgQWAgMBAh4B
AheAAAoJEJI7YONo4jdOBN4A/2xfzy2VVNRKdeezIECr8fSqIbDIdGUN+QQqjEjA
K1fTAP9zRSe2vgRTgyozDz3Weoc+3gLnXdJXYycnhoxF5kTDDbg4BGoz5c8SCisG
AQQBl1UBBQEBB0DAE28RNytRfvlGSfQ0PJ0395lH2zo1ZEspD+AnTPRSFgMBCAeI
fgQYFgoAJhYhBBPGRby5exAlbOcM0pI7YONo4jdOBQJqM+XPAhsMBQkDwmcAAAoJ
EJI7YONo4jdOy/0A/RqeJkXYecciMn7xwROYW/pMD7VdZI79gJSIF3nz39XWAPsF
kANWPuiMEYPVmbAXh4KeANwgHhPr9oklFO9W5g49Cw==
=R1Yn
-----END PGP PUBLIC KEY BLOCK-----

What to include

Give us enough to act.

  • What happened, in one sentence (e.g. 'Bridge contract drained').
  • Affected chain(s) and contract addresses.
  • Transaction hash(es) — at minimum the attacker's first malicious tx.
  • Whether funds are still moving and any estimated USD at risk.
  • Whether you have already contacted exchanges, the project, or law enforcement.
  • How you want to be reached for follow-up (email, Signal, etc.).